CIMC CLI Command Injection Vulnerability || CVE-2024-20295

vishal-kumar1234 · ‎04-19-2024

We have Cisco Hyperflex nodes model “HX240C-M4SX” in our environment. Could you please let us know if the subjected vulnerability is applicable to this model.

If yes, could you please share the fix as well.

Leo Laohoo · ‎04-19-2024

Please read Cisco Integrated Management Controller CLI Command Injection Vulnerability.

vishal-kumar1234 · ‎04-21-2024

I went through the advisory and unable to find the answer, that's the reason I posted here. Tried checking with Cisco on the chat but they also not aware. Have create a TAC case with Cisco, will update here if I get any info from them.

Leo Laohoo · ‎04-21-2024

@vishal-kumar1234 wrote:
I went through the advisory and unable to find the answer

“HX240C-M4SX” is a Cisco Hyperflex Node.

Under the Vulnerable Products there are two (2) Cisco Hyperflex and both of them are Nodes.

vishal-kumar1234 · ‎04-21-2024

Thank you!!
Its mentioned Hyperflex Edge Nodes, Is “HX240C-M4SX” model an "Edge" Node ?

HyperFlex Edge Nodes
HyperFlex Nodes in HyperFlex Datacenter without Fabric Interconnect (DC-NO-FI) deployment mode (We have FI in our environment, so this one does not apply)

Leo Laohoo · ‎04-21-2024

Cisco HyperFlex HX240c M4 Data Sheet